* audit2allow/sepolgen not setting the locale properly when calculating the bootdate
@ 2013-05-09 20:51 Laurent Bigonville
2013-05-10 12:19 ` Daniel J Walsh
0 siblings, 1 reply; 2+ messages in thread
From: Laurent Bigonville @ 2013-05-09 20:51 UTC (permalink / raw)
To: selinux
Hello,
When using a locale that use the date format other than MM/DD/YY,
allow2audit -b is not working properly (shows <no matches>). The
ausearch executable is expecting the date to be formatted in the user
locale.
Explicitly setting "locale.setlocale(locale.LC_ALL, '')" inside the
sepolgen get_audit_boot_msgs() function (or in the allow2audit
executable) is passing the correct date to the ausearch executable.
I'll propose a patch for this if you want, but I'm not sure if you would
prefer this to be fixed in the audit2allow executable or in the sepolgen
python library.
Cheers
Laurent Bigonville
--
This message was distributed to subscribers of the selinux mailing list.
If you no longer wish to subscribe, send mail to majordomo@tycho.nsa.gov with
the words "unsubscribe selinux" without quotes as the message.
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: audit2allow/sepolgen not setting the locale properly when calculating the bootdate
2013-05-09 20:51 audit2allow/sepolgen not setting the locale properly when calculating the bootdate Laurent Bigonville
@ 2013-05-10 12:19 ` Daniel J Walsh
0 siblings, 0 replies; 2+ messages in thread
From: Daniel J Walsh @ 2013-05-10 12:19 UTC (permalink / raw)
To: Laurent Bigonville; +Cc: selinux
[-- Attachment #1: Type: text/plain, Size: 1435 bytes --]
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 05/09/2013 04:51 PM, Laurent Bigonville wrote:
> Hello,
>
> When using a locale that use the date format other than MM/DD/YY,
> allow2audit -b is not working properly (shows <no matches>). The ausearch
> executable is expecting the date to be formatted in the user locale.
>
> Explicitly setting "locale.setlocale(locale.LC_ALL, '')" inside the
> sepolgen get_audit_boot_msgs() function (or in the allow2audit executable)
> is passing the correct date to the ausearch executable.
>
> I'll propose a patch for this if you want, but I'm not sure if you would
> prefer this to be fixed in the audit2allow executable or in the sepolgen
> python library.
>
> Cheers
>
> Laurent Bigonville
>
> -- This message was distributed to subscribers of the selinux mailing
> list. If you no longer wish to subscribe, send mail to
> majordomo@tycho.nsa.gov with the words "unsubscribe selinux" without quotes
> as the message.
>
We have a patch for this in Fedora now. Attach patch is the difference
between upstream and Fedora. Eric and I will begin putting together a series
of patches to get Fedora patches into upstream.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iEYEARECAAYFAlGM5c0ACgkQrlYvE4MpobOBaACg072AlvtRX5zX0Q/p7bvdUrJS
zqgAniqFg98UT4pu9cfOaa1t+lJpQGr4
=4dHo
-----END PGP SIGNATURE-----
[-- Attachment #2: audit2allow.patch --]
[-- Type: text/x-patch, Size: 2767 bytes --]
diff --git a/policycoreutils/audit2allow/audit2allow b/policycoreutils/audit2allow/audit2allow
index 8e0c396..1059bea 100644
--- a/policycoreutils/audit2allow/audit2allow
+++ b/policycoreutils/audit2allow/audit2allow
@@ -18,7 +18,7 @@
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#
-import sys
+import sys, os
import sepolgen.audit as audit
import sepolgen.policygen as policygen
@@ -29,6 +29,8 @@ import sepolgen.defaults as defaults
import sepolgen.module as module
from sepolgen.sepolgeni18n import _
import selinux.audit2why as audit2why
+import locale
+locale.setlocale(locale.LC_ALL, '')
class AuditToPolicy:
VERSION = "%prog .1"
@@ -80,8 +82,7 @@ class AuditToPolicy:
parser.add_option("--interface-info", dest="interface_info", help="file name of interface information")
parser.add_option("--debug", dest="debug", action="store_true", default=False,
help="leave generated modules for -M")
-
- parser.add_option("-w", "--why", dest="audit2why", action="store_true", default=False,
+ parser.add_option("-w", "--why", dest="audit2why", action="store_true", default=(os.path.basename(sys.argv[0])=="audit2why"),
help="Translates SELinux audit messages into a description of why the access was denied")
options, args = parser.parse_args()
@@ -267,12 +268,10 @@ class AuditToPolicy:
continue
if rc == audit2why.CONSTRAINT:
- print "\t\tPolicy constraint violation.\n"
- print "\t\tMay require adding a type attribute to the domain or type to satisfy the constraint.\n"
- print "\t\tConstraints are defined in the policy sources in policy/constraints (general), policy/mcs (MCS), and policy/mls (MLS).\n"
- for reason in data:
- print "\t\tNote: Possible cause is the source and target %s differ\n" % reason
- continue
+ print #!!!! This avc is a constraint violation. You would need to modify the attributes of either the source or target types to allow this access.\n"
+ print "#Constraint rule: \n\t" + data[0]
+ for reason in data[1:]:
+ print "#\tPossible cause is the source %s and target %s are different.\n\b" % reason
if rc == audit2why.RBAC:
print "\t\tMissing role allow rule.\n"
@@ -350,6 +349,9 @@ class AuditToPolicy:
except ValueError, e:
print e
sys.exit(1)
+ except IOError, e:
+ print e
+ sys.exit(1)
if __name__ == "__main__":
app = AuditToPolicy()
^ permalink raw reply related [flat|nested] 2+ messages in thread
end of thread, other threads:[~2013-05-10 12:19 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2013-05-09 20:51 audit2allow/sepolgen not setting the locale properly when calculating the bootdate Laurent Bigonville
2013-05-10 12:19 ` Daniel J Walsh
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.